Vulnerability Description
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Auto-Maskin | Rp 210E Firmware | - |
| Arm | Arm7 | < 3.7 |
| Auto-Maskin | Rp 210E | - |
| Auto-Maskin | Dcu 210E Firmware | - |
| Auto-Maskin | Dcu 210E | - |
| Auto-Maskin | Marine Pro Observer | - |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/176301Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-20-051-04
- https://www.kb.cert.org/vuls/id/176301Third Party AdvisoryUS Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-20-051-04
FAQ
What is CVE-2018-5402?
CVE-2018-5402 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once ...
How severe is CVE-2018-5402?
CVE-2018-5402 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5402?
Check the references section above for vendor advisories and patch information. Affected products include: Auto-Maskin Rp 210E Firmware, Arm Arm7, Auto-Maskin Rp 210E, Auto-Maskin Dcu 210E Firmware, Auto-Maskin Dcu 210E.